[secdir] secdir review of draft-ietf-teas-rsvp-te-domain-subobjects-03

"Xialiang (Frank)" <frank.xialiang@huawei.com> Mon, 09 November 2015 07:10 UTC

From: "Xialiang (Frank)" <frank.xialiang@huawei.com>
To: "draft-ietf-teas-rsvp-te-domain-subobjects.all@tools.ietf.org" <draft-ietf-teas-rsvp-te-domain-subobjects.all@tools.ietf.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/EL4Wg2tYU0OYQZMNKgGtNXVOgjc>
Cc: "iesg@ietf.org" <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>


I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written primarily for the benefit of the security area directors.  Document editors and WG chairs should treat these comments just like any other last call comments.

This experimental ID specifies new subobjects for RSVP-TE and GMPLS extensions to RSVP-TE to include or exclude 4-Byte Autonomous System (AS) and Interior Gateway Protocol (IGP) area during path setup.

The document appears in reasonably good shape.
Based on the good existing security work on RSVP-TE and GMPLS, such as [RFC3209], [RFC3473], [RFC4874] and [RFC5920], and as it only introduces some new subobjects for LSP path setup using the same process as before, this document does not introduce new risks in theory.
There are still several open issues (TBDs) in the document that need to be completed before publication.

Below are a series of my own comments and questions for your consideration.

One side effect of the misbehavior of a trusted LSR that I would suggest you consider:
If the LSR includes the newly defined subobjects with the right AS-ID/IGP area ID but still uses the already existing Types, the legacy nodes will process their content wrongly, and vice versa. In this condition, length field checking is sometimes useful, although not always.

For the inter-domain scenarios, is it possible that there are no authentication and data protection mechanisms between the two boundary nodes? Furthermore, if the connection between these two nodes is not hop-by-hop, how can data integrity and mutual trust be guaranteed?

Editorial changes:
Section 6: the first sentence reads "Security considerations for MPLS-TE and GMPLS signaling are covered in [RFC3209] and [RFC3473]." Using phrases like "MPLS-TE" and "GMPLS signaling" is not very accurate; I suggest changing it to "Security considerations for RSVP-TE and GMPLS signaling RSVP-TE extensions are covered in [RFC3209] and [RFC3473]."

Thank you.
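
An added illustration of the length-field point in the review (not code from the reviewer or the draft): a receiver that validates each subobject's Length against its Type rejects 4-byte AS content sent under the legacy RFC 3209 AS type, but cannot tell two new subobjects apart when they share a length. The type codes `TYPE_AS4` and `TYPE_OSPF_AREA` are placeholders (the draft's values are TBD), and the 8-octet layout of the new subobjects is an assumption.

```python
import struct

# RFC 3209 AS number subobject: type 32, total length 4, 2-octet AS number.
LEGACY_AS_TYPE = 32
# Placeholder type codes; the draft's real values are still TBD.
TYPE_AS4, TYPE_OSPF_AREA = 0x7E, 0x7F
# Assumed layout of both new subobjects: L|Type, Length, 2 reserved octets,
# 4-octet identifier, i.e. 8 octets in total.
EXPECTED_LEN = {LEGACY_AS_TYPE: 4, TYPE_AS4: 8, TYPE_OSPF_AREA: 8}

def build(sub_type, body, loose=False):
    """Encode one subobject: L bit + 7-bit type, total length, body."""
    return bytes([(0x80 if loose else 0) | sub_type, 2 + len(body)]) + body

def parse_subobjects(buf):
    """Walk a subobject list; return (type, verdict, value) per subobject."""
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < 2:
            out.append((None, "truncated header", None))
            break
        sub_type, length = buf[off] & 0x7F, buf[off + 1]
        if length < 2 or off + length > len(buf):
            out.append((sub_type, "bad length", None))
            break
        body = buf[off + 2:off + length]
        want = EXPECTED_LEN.get(sub_type)
        if want is None:
            out.append((sub_type, "unknown type", None))
        elif length != want:
            out.append((sub_type, "length mismatch", None))
        elif sub_type == LEGACY_AS_TYPE:
            out.append((sub_type, "ok", struct.unpack("!H", body)[0]))
        else:
            out.append((sub_type, "ok", struct.unpack("!HI", body)[1]))
        off += length
    return out

# Constructed samples.
# 4-byte AS content sent under the legacy type: the length check catches it.
MISLABELED = build(LEGACY_AS_TYPE, struct.pack("!HI", 0, 4200000000))
# 4-byte AS 65551 sent under the area type: same length, so it parses as
# an area ID and the length check alone does not help.
SWAPPED = build(TYPE_OSPF_AREA, struct.pack("!HI", 0, 65551))

if __name__ == "__main__":
    for name, buf in (("mislabeled", MISLABELED), ("swapped", SWAPPED)):
        print(name, parse_subobjects(buf))
```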